In today’s complex business environment, mastery of strategy, operations and technology is a requirement for every business leader. Protecting and preserving the things that have made your organization successful starts with understanding what makes it vulnerable. Below are ten questions you should consider when it comes to your organization’s cybersecurity.
1. Has your company defined and prioritized your most valuable information assets?
2. Has your company developed a cross-functional cybersecurity risk advisory committee?
3. Have you performed vulnerability and penetration tests on company network within the past year?
4. Does your company provide annual or more frequent cybersecurity education and training to your company senior executives, board of directors, and employees?
5. Does your company have an incident response (IR) plan in place? If you answered yes:
- Does your IR plan contain the details for data breach notification guidelines for senior executives, company board of directors, and law enforcement?
- Does your IR plan define your company policy for the payment of a cyber ransom?
6. When employees access your company network, do you require multi-factor authentication?
7. Is your organization’s network monitored 24 /7 / 365 via a Security Operations Center (SOC)?
8. Do your company Information Technology (IT) policies on the timeliness of performing security patches for operating systems and software applications require a patch be performed within 72 hours from the date the software security patch is released?
9. Is your current budget for information security hardware, software, and services less than 10 percent of your overall Information Technology (IT) budget?
10. Does your organization regularly evaluate its cybersecurity risk management program and the effectiveness of its controls?
If you answered no to any of the questions above, we strongly advise you to contact your professional advisor.